Like (2) Reply privately Flag as inappropriate 4 days ago Stanislav P., Fernando Fonseca like this

Alexandre Augusto

Incident Manager at Tata Consultancy Services

Yes I think so, but about risk percentage and fraud, its depend of which country we are talking about. For example, In Brazil the levels of fraud is too high and in the other way the security controls is also too high with also high level EMV adoption

Like Reply privately Flag as inappropriate 4 days ago

Paul Watson

Payments Solutions and Financial Services Consultant

As Mr. Koley points out, EMV is certainly plugging a security hole. Is it THE answer? Obviously not, as CNP transaction volume continues to grow. But, just because it doesn't plug every hole, doesn't mean it shouldn't be implemented. It is a very big hole!

Like Reply privately Flag as inappropriate 4 days ago

Christian McMahon

Product Manager at Merchant Link

Top Contributor

I don't believe EMV is a security solution, it's more of a fraud prevention solution (two different ideas). I think EMV will work very well in retail and somewhat in restaurant, but not so well in Hospitality/lodging since there are so many card not present transactions (reservations, back office, web payments, etc..) Further, I am unsure how fast EMV will be adopted without government fiat. My hospitality customers are largely waiting to see how much it will cost, what behavioral changes Americans must buy into, and whether the fraud risk benefits outweigh their internal network support and hardware costs. I still think that EMV + other technologies (such as tokenization, encrypted devices, and single use cards) combined are truer security.

Like (4) Reply privately Flag as inappropriate 4 days ago Bill Poletti, Alexandre A. and 2 others like this

Tom Beck

Product Manager at TD Merchant Services

Top Contributor

If other countries are any indication, the answer is yes. But as other indicate, there are no "final" answers to payment security. It will always be a moving target.

If based on statistics, I think EMV is useful technology to reduce the rate of fraud. With regards to information security then this revolves around people, process and technology. Because of this, I would say that EMV is not "THE" solution to payment security as often there is a vulnerability due to people and process.

Like (3) Reply privately Flag as inappropriate 4 days ago Erana R., Ira C. and 1 other like this

Abraham Motana

Software Development

If I applied and utilized in earnest, it is secure, however the processes to acquire a transaction is acted upon by people; from the developer on the card acquiring device, a operator in a merchant, people involved in keys management etc. at any of those stages processes could be compromised, then your payment security falls flat. I think the true value can be measured by the secure payments vs the fraudulent ones.

Like Reply privately Flag as inappropriate 4 days ago

John Miglautsch

For 30 years, growing both sales and profits. Catalog and eCommerce companies are my sweet spot

Looking at adoption in other countries, fraud does move away from card-present situations. But eCommerce and Catalog companies should be working now to improve their encryption from end to end. Historically the fraud moves to internet attacks. Most of the merchants I talk with are not preparing for 2015.

Like (2) Reply privately Flag as inappropriate 3 days ago Erana R., Bill Poletti like this

Bill Poletti

Retired

As noted earlier, EMV does nothing to address fraud in the growing CNP channels. It only addresses the shrinking face2face transaction channels. Fraud WILL and IS migrating to CNP.

I recently read an article on the quiet development of quantum computing solutions. It does not seem very far off. Though this might seem a little off-topic, quantum computing will end encryption as we know it. That will render the estimated U$31 billion in infrastructure upgrades for EMV a total waste.

I might have a "glass half empty" view and attitude, but EMV has been sold as the complete security solution which is clearly isn't. It will reduce fraud in a shrinking face2face acceptance market but meets no long term growth acceptance channels. It just gives a false sense of security to the average and sub-average cardholder.

So I've heard that the thieves migrate to the lowest hanging fruit (ie. from Europe, to Asia, to Canada and North America as each rolled out EMV) basically running to where EMV was not. I know they are not going to give up. They might focus more on card not present or will they double their efforts to try to crack the EMV magic. I've been trying to figure out what's the next "thing" after EMV? Obviously any technology will have to support mobile as it's growth in the payments space is on a tremendous upward track. Thoughts?

There is enough to be earned by fraud now from the earlier technologies. When the focus shifts to EMV, in my opinion there are sufficient opportunities in EMV to result in significant losses. Advances in electronics since the introduction of EMV will enable fraud to effectively compromise EMV and then create havoc. Implementations of CHIP and PIN might not be as secure as it appears to be. Take the example of the photo card, very quickly it was shown that the fraud reductions reported were skewed.

Like (2) Reply privately Flag as inappropriate 3 days ago Ira C., Bill Poletti like this

Simple, No. EMV is the secure way for card present transactions always when is implemented correctly and combined with other measurements of preventing and/or detecting fraud. Yes, it is true the thieves have migrate they activity to non EMV countries. This because a cloned EMV card will be used through magstripe in a non EMV environement which is a pure magstripe transaction as the CHIP will not be read ( the cloned card will not have a chip so will be swiped or entered in ATM). This is the traditional way for them to secure fast cash. The criminals today aim to steel big data through data breaches, This is the fraud biggest trend. They will try to use them mostly in non EMV environemet. So it is important that the industry to implement unified security measures globally and imlementimg EMV in non EMV countries now is a must. If we cut the source of usage of the stolen data for me is crucial to prevent the data breaches. EMV helps a lot.

And even AFTER the US implements EMV, there is still a huge non-EMV environment that will be exploited in CNP. EMV is ONLY effective in card present and only for a limited time. When quantum computing is developed, EMV will no longer be an effective tool against fraud. The Brazillian fraud case is an example of what will happen because cardholders will become complacent. After all, EMV has been sold as the complete security solution for bankcard.

Like Reply privately Flag as inappropriate 3 days ago

Bill Poletti

Retired

Parama - For 18 years, almost to the day, I have been pointing out that EMV is not the total solution. By 2000, it was obvious that the industry should not pursue EMV because of the booming e-commerce CNP growth. Retail face2face is shrinking by comparison. Now, EMV is being implemented globally and card fraud is starting to migrate to the path of least resistance. Everybody is pushing EMV, but ignoring CNP exploding fraud.

Like Reply privately Flag as inappropriate 3 days ago

Gary Smythe

President and Co-founder at Catalyst Card Company

It seems to me that the decision has already been made and that EMV migration has begun. The discussions regarding whether or not we should pursue this technology in the US are moot. Let's all work together to make the transition as successful and secure as possible, and let's tackle CNP to improve the entire environment. In other words, let's move on.

Like (3) Reply privately Flag as inappropriate 3 days ago Enkelejda BALLIU (POPA), MSc, Ira C. and 1 other like this

Bill Poletti

Retired

Oh, the decision has been made. The marketers, consultant and vendors have sold it to the world. The lawyers will take over when it doesn't work as predicted.

JAZD, the leader in online B2B directory service platforms, and Executive IT Forums Inc., publisher of ITGRCForum.com, announced today their new online Governance, Risk Management, and Compliance industry marketplace, GRCMarketplace, is now live and open to buyers here.

GRCMarketplace, powered by the JAZD directory platform, delivers complete listings of companies and products, deep industry content, user ratings & reviews, geographical search, side-by-side product comparisons, videos, webinars, downloadable product specifications, pricing and marketing literature, along with an array of social tools for users to share information and network with peers. This infrastructure combined with highly-engaged suppliers and buyers provides a new, more effective directory experience for the GRC industry.

"The launch of the GRCMarketplace is a perfect extension of the ITGRCForum," said Jamie Bedard, Founder and CEO at JAZD. "Working with Executive IT Forums Inc, we are able to provide their audience a full range of research, purchasing, education and networking tools."